I am curious how vulnerable my app is. I believe I have found several vulnerabilities, but thought it would be festive to have a challenge for Hacktoberfest.
My latest code is in the hacktoberfest branch so dig in there to see the inner workings or challenge yourself more and try to do it without looking at the back end code.
Create a PR to the hacktoberfest branch with an updated Readme stating what the vulnerability is and where you found the vulnerability/potential fix.
PLEASE BE AWARE THAT YOUR PASSWORD YOU USE TO CREATE AN ACCOUNT ON MY APP IS VULNERABLE (if that hasn't crossed your mind yet).
(If you accidentally used a password you didn't want to use and would like me to delete it from the database, please comment below.)
P.S. As the month goes on I will give suggestions/clues to help crack into my db. Check back here for clues.
PREVIOUSLY:
See PR #29 for the first vulnerability that was found. I believe there is one more vulnerability that allows a non-registered user to post information (comment and add plates).
Update:
See if you can retrieve the password for username: bobbyj and create a PR to the hacktoberfest branch with the password.
Live app is running here: http://bit.ly/2duQKj8